On Wed, Jan 27, 2010 at 9:04 AM, Michael Scheidell <[email protected]> wrote:
> From MY perspective, I am glad this came up. we have our primary box
> natted behind a firewall that doesn't like SIP, and we're about to move one
> of the incs to the public side, leaving the phones behind in a separate
> internal network (don't have enough public ip's for all the phones :-).

(replace the firewall so you have a concise security solution. you'll find pfsense works well, and supports snort.)

> There are lots of reasons for wanting to put the sipxbridge ip on the
> public side, mostly to circumvent those nasty firewall issues, and keep the
> phones on a private ip block.

(I won't agree to having a piece of software responsible for dialing toll calls to my carrier "out in the open" if I can help it)

> if done, yes, would like to see the gui have ability to select which
> interface to bind what on. maybe I don't want external port 80 (can do via
> iptables if I want), maybe don't want external ssh, or user web gui.
>
> I would assume I'd want sipx (port 5060 stuff) external, and the phones
> internal.
> I would assume a GUI based dhcpd based support, with all the nice vendor
> codes supported.

(webmin)

> DNS dual zone would be nice (so 'sip.example.com' comes out external ip,
> sip.example.com come out internal, different ip's)

(webmin, dns like this is already supported and there is a wiki document(s).)

> I do understand routing AND SECURITY ISSUES in bridging across the
> firewall. poorly protected network, bad ssh root passwords (since default
> sshd_config allows root) could allow a hacker full access to your internal
> network (unless that internal network was just phones.. and no one plugged a
> laptop into the back of the phone).
>
> just some thoughts for the future.
>
> priority might be to solve some of these random call forwarding external
> issues that I have seen crop up in the group.

I am not sure it has been a sipxbridge issue with the call forwarding issue. Some of these might be carrier/ITSP issues, as well as handset issues. We have NO problems doing this with bandwidth.com and pfsense.

> --
> Michael Scheidell, CTO
> Phone: 561-999-5000, x 1259
> SECNAP Network Security Corporation

--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
Fax: 434.984.8431
Email: [email protected]

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
Fax: 434.984.8427
Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/

Why do mathematicians always confuse Halloween and Christmas?
Because 31 Oct = 25 Dec.
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
